Enterprise Risk Management
One of the most difficult aspects of any effective risk management program is the ongoing monitoring of controls once they have been established. OPRS recognizes this, so in order to help support this process, they collaborated with a development team from UC Davis, Safety Services, to create a tool that would help to automate the continuous monitoring of controls established as a result of any type of risk assessment. The result of this collaboration is a tool called UC Action.
This tool is currently designed to support the Retrospective Review process specifically, but over time, it can adapt to include other processes that require ongoing monitoring and follow-up activities. Currently, this tool:
- Provides a platform that allows for more frequent Retrospective Reviews (e.g. - monthly, rather than once every 6 months)
- Allows for the assignment of a primary stakeholder / owner for each claim that requires a Retrospective Review
- Provides up-to-date Retrospective Review completion information to location Risk Managers
- Enables users to assign control review frequency and a responsible person to help enhance control monitoring over time
- Provides automated notifications to responsible persons when a specified action is required, or is over-due
The tool is simple and easy to use, and provides an intuitive platform to help users proactively manage their risks and ongoing control structures. This system is different from Control Tracker (SAS 112/115 compliance system) because it does not require that the controls tracked within the system are "Key Controls" as defined by the university's external auditor, and does not require certification. That being said, the tool does provide reliable documentation as to the performance of controls that are being tracked, and provides the users actionable information to help determine whether implemented controls are functioning as designed, if they are effective, or if they are no longer needed.
This tool assists with the implementation of the Committee of Sponsoring Organizations (COSO) Enterprise Risk Management Integrated Framework in the following ways: